480 likes | 487 Views
Presentation on: Tarzan: A Peer-to-Peer Anonymizing Network Layer. Steffen Schott Computer Networks and Telematics, Freiburg Prof. Dr. Christian Schindelhauer Advanced Seminar: Peer-to-Peer Networks Arne Vater 02/03/2007. Overview. Motivation Architecture and Design Layered Encryption
E N D
Presentation on:Tarzan: A Peer-to-Peer Anonymizing Network Layer Steffen Schott Computer Networks and Telematics, Freiburg Prof. Dr. Christian Schindelhauer Advanced Seminar: Peer-to-Peer Networks Arne Vater 02/03/2007
Overview • Motivation • Architecture and Design • Layered Encryption • Peer discovery • Mimic selection • Tunnel setup • Tunnel failure and reconstruction • Cover traffic • Security Analysis • Conclusion Steffen Schott Tarzan: A P2P Anonimizing Network Layer
Idea: Freedman/Morris User cone.informatik.uni-freiburg.de >> Motivation Motivation • Tarzan was introduced in 2002 by Michael J. Freedman and Robert Morris • Received Paper Award • What does Tarzan? • Provides anonymity to sender or receiver • Without requiring both to participate • Peer-to-Peer anonymous network overlay ? Steffen Schott Tarzan: A P2P Anonimizing Network Layer
>> Motivation Motivation Endpoint Endpoint Application Presentation Session Transport Network Data Pysical Application Presentation Session Transport Network Data Pysical Relay TARZAN Network Data Pysical Physical connection Steffen Schott Tarzan: A P2P Anonimizing Network Layer
>> Motivation Achieving Anonymity • Techniques used to achieve anonymity: • Flexible mixes for tunneling within peers • Not like Chaumian Mixes • Onion routing style encryption • To avoid traceability of path and content disclosure • Unforeseen peer selection • To protect from adversaries taking over the network by creating specific peers • Cover Traffic • To lessen traffic analysis attacks • Fully Peer-to-Peer • No liability at central instance • Anonymizing on the IP-Level • Independent to applications - no modification needed Steffen Schott Tarzan: A P2P Anonimizing Network Layer
>> Motivation Achieving Anonymity • Some more general design facts • Pseudonymous NAT (PNAT) forwards to servers which are not aware of Tarzan • Tunnel initiator sanitizes IP headers, as well as TCP headers if applicable X IP APP PNAT User cone.informatik.uni-freiburg.de Source: Freedman/Morris Steffen Schott Tarzan: A P2P Anonimizing Network Layer
? ? ? ? ? >> Motivation Achieving Anonymity cone.informatik .uni-freiburg.de Source: Freedman/Morris Steffen Schott Tarzan: A P2P Anonimizing Network Layer
Overview • Motivation • Architecture and Design • Layered Encryption • Peer Discovery • Mimic Selection • Tunnel Setup • Tunnel Failure and Reconstruction • Cover Traffic • Security Analysis • Conclusion Steffen Schott Tarzan: A P2P Anonimizing Network Layer
>> Architecture and Design >> Layered Encryption Layered Encryption • How do we want to encrypt? • Symmetric encryption hides data • MAC protects its integrity • Separate keys are used in each direction of each relay • Therefore, flow tags uniquely identifies each link (of each tunnel) • Each leg of the tunnel removes or adds a layer of encryption • Like chaumian mixes cone.informatik .uni-freiburg.de PNAT Source: Freedman/Morris Steffen Schott Tarzan: A P2P Anonimizing Network Layer
APP Public Alias Address PNAT Real IP Address Tunnel Private Address User >> Architecture and Design >> Layered Encryption Layered Encryption • Random address assigned • NATed at beginning and end of the tunnel • Bulk of the encryption workload on the node seeking anonymity cone.informatik .uni-freiburg.de Source: Freedman/Morris Steffen Schott Tarzan: A P2P Anonimizing Network Layer
Example for Ts >> Architecture and Design >> Layered Encryption Encryption Process • Be • T = (h1,h2,...,hl,hpnat) Tunnel short version: T = (h1,h2,hpnat) • Bi = block to receive by node i • ENC = encryption • MAC = fingerprint • seq = sequence number • General Rule for each node: +1 Steffen Schott Tarzan: A P2P Anonimizing Network Layer
PNAT ? • Every tunnel has an end… Any consequences? Steffen Schott Tarzan: A P2P Anonimizing Network Layer
Overview • Motivation • Architecture and Design • Layered Encryption • Peer Discovery • Mimic Selection • Tunnel Setup • Tunnel Failure and Reconstruction • Cover Traffic • Security Analysis • Conclusion Steffen Schott Tarzan: A P2P Anonimizing Network Layer
>> Architecture and Design >> Peer Discovery Peer Discovery • Objective: Assigning neighbors - in a decentralized but verifiable manner • Each node generates its public key locally the first time it enters the network • Knowing initially only a few nodes • Peer discovery by simple gossip-based protocol • By sending {ipaddr, port, hash(pubkey)} - tuples • Goal: to learn about all network resources - fully connected Steffen Schott Tarzan: A P2P Anonimizing Network Layer
>> Architecture and Design >> Peer Discovery Peer Discovery User Source: Freedman/Morris Steffen Schott Tarzan: A P2P Anonimizing Network Layer
>> Architecture and Design >> Peer Discovery Protocol • Protocol supports: initialization, redirection and maintenance • Initialization: transfer entire neighbor list - from randomly contacted neighbor • Redirection: redirecting new nodes to random neighbor (to shed load) • Maintenance: provide only new information to a node's database • Differences calculated efficiently by performing k-ary searches on prefix-aggregated hashes of the set elements • H[n] H[n]/k H[n]/k² O(logkn) • Hash values of node a’ssorted set Va – approx. (k–1) values sent at a time Hi = hash( … hash( hash(Va[1]) +Va[2]) … + Va[i]) Steffen Schott Tarzan: A P2P Anonimizing Network Layer
>> Architecture and Design >> Peer Discovery IP-Tables • Building IP-Tables: • Differentiation: unvalidated (Ua) and validated addresses (Va) of node a • Only Va in IP-Table for mimic & tunnel selection • Validation by discovery request • Stops an adversary from injecting arbitrary tuples into a peer database • Contacting neighbors in Ua before retrying neighbors in Va • Prunes inactive neighbors • Learns and validates in O(n) connections Steffen Schott Tarzan: A P2P Anonimizing Network Layer
>> Architecture and Design >> Peer Discovery ? • What is probably the most negative fact about this algorithm? Steffen Schott Tarzan: A P2P Anonimizing Network Layer
Overview • Motivation • Architecture and Design • Layered Encryption • Peer Discovery • Mimic Selection • Tunnel Setup • Tunnel Failure and Reconstruction • Cover Traffic • Security Analysis • Conclusion Steffen Schott Tarzan: A P2P Anonimizing Network Layer
>> Architecture and Design >> Mimic Selection Mimic Selection • Threat: wide-spread eavesdropper can analyse traffic patterns • Finding partners for cover traffic: • Every node upon joining asks k nodes to exchange dummy/mimic traffic • An expected k nodes select this node as they look for their own mimics • Goal: establishes a bidirectional, time-invariant packet stream with all E[K]=2k mimic nodes • After successfully discovery - symmetric key for encryption is exchanged for link encoding • Now, real data can be inserted, indistinguishable from the cover traffic • Can be anyone? • Simply choosing nodes completely at random from Va not a good idea Steffen Schott Tarzan: A P2P Anonimizing Network Layer
>> Architecture and Design >> Mimic Selection Threats unswitched LAN local subnet honest node malicious node spoofed node honest router malicious router corrupted domain border gateway Idea: Freedman/Morris Steffen Schott Tarzan: A P2P Anonimizing Network Layer
>> Architecture and Design >> Mimic Selection Hashing • Thus • Tarzan uses three-level hierarchy chord ring (DHT) • First chooses from /16 subnets, then /24 and finally from the rest • Node a's ith mimic =: Ma-i where Ma-i is the smallest id ≥ idi = lookupi(a.ipaddr) and lookupd(a.ipaddr) = hash(a.ipaddr/d,date) • So: lookupid(a.ipaddr) = hash(..hash(hash(a.ipaddr/d,date))..) with d element{/16, /24, /32} Steffen Schott Tarzan: A P2P Anonimizing Network Layer
K16 = H(H(U.IP/16)) lookup(K16) K32 = H(H(U.IP)) lookup(K32) H4(U.IP) H3(U.IP) A D Hi(A.IP) H2(U.IP) Hi(B.IP) Hi(C.IP) B C >> Architecture and Design >> Mimic Selection Hashing H(18.26) H(216.16.108.10) H(216.16) H(216.16.31.13) User H(128.2) H(216.16.54.8) H(13.1) IP H(169.229) IP/16 Source: Freedman/Morris Steffen Schott Tarzan: A P2P Anonimizing Network Layer
>> Architecture and Design >> Mimic Selection Connecting a Mimic • Steps: • Node a sends mimic request to Ma-i including {a.ipaddr, i} • Ma-i =: b only accepts mimic establishment if: • 1 < i ≤ (k+1) • b.lookupi(a.ipaddr) = b to verify that b is true i-th mimic of a • If lookup-check fails: 1st case: a and b have different network view 2nd case: a already contacted c, but c didn't respond Steffen Schott Tarzan: A P2P Anonimizing Network Layer
>> Architecture and Design >> Mimic Selection ? • If A and B are mimics. How probable is it, them to have a common second mimic? Steffen Schott Tarzan: A P2P Anonimizing Network Layer
Overview • Motivation • Architecture and Design • Layered Encryption • Peer Discovery • Mimic Selection • Tunnel Setup • Tunnel Failure and Reconstruction • Cover Traffic • Security Analysis • Conclusion Steffen Schott Tarzan: A P2P Anonimizing Network Layer
PNAT >> Architecture and Design >> Tunnel Setup Tunnel Setup • Selecting tunnel nodes User Idea: Freedman/Morris Steffen Schott Tarzan: A P2P Anonimizing Network Layer
>> Architecture and Design >> Tunnel Setup • O(length) public-key operations and and O(length2) inter-relay messages to complete • Overhead • tunnel setup: approx. 20ms/hop • for packet forwarding: approx. 1ms/hop (each) Steffen Schott Tarzan: A P2P Anonimizing Network Layer
>> Architecture and Design >> Tunnel Failure and Reconstruction Tunnel Failure and Reconstruction • Initiator regularly sends ping messages to the PNAT • Upon multiple unsuccessful pings to PNAT - then pings to each relay 1st case: PNAT unreachable, hl responds • New PNAT will be chosen randomly 2nd case: any relay < hl doesn't respond • Tunnel is partially reconstructed - PNAT stays the same • So that higher level connections, such as TCP, do not die upon tunnel failure • Example: hi+1 doesn't respond - rebuild the tunnel from hi forward • T' = (h1,..., hi, hi+1',..., hl', hpnat) • Upon multiple unsuccessful attempts, the initiator decrements i by one and reattempts reconstruction Steffen Schott Tarzan: A P2P Anonimizing Network Layer
>> Architecture and Design >> Tunnel Failure and Reconstruction ? • What if one relay simply doesn‘t forward traffic? Steffen Schott Tarzan: A P2P Anonimizing Network Layer
Overview • Motivation • Architecture and Design • Layered Encryption • Peer Discovery • Mimic Selection • Tunnel Setup • Tunnel Failure and Reconstruction • Cover Traffic • Security Analysis • Conclusion Steffen Schott Tarzan: A P2P Anonimizing Network Layer
>> Architecture and Design >> Cover Traffic Cover Traffic – Unifying Traffic Patterns • Mimics links are symmetrically encrypted on top of the tunnel cover traffic indistinguishable from data flows • Incoming cover traffic can be dropped on demand or rebalanced on any outgoing links • No congestion control or retransmission in relays • Freedman and Morris are giving two equations Steffen Schott Tarzan: A P2P Anonimizing Network Layer
>> Architecture and Design >> Cover Traffic Equations • Outgoing DATA rate to single tunnel ≤⅓ Total incoming rate (data + cover) • node cannot be identified as being a clear source of data • ⅓ Total incoming rate (data + cover) ≤ Total Outgoing rate (data + cover) (=upper bound) • Always have some cover traffic for adjustments • Provide anonymity to its neighbors • Stops node from being clear sink of traffic and Total Outgoing rate (data + cover) ≤ Maximum total incoming rate + ε (=lower bound) • Again: node cannot be identified as being a clear source of data • ε - to cooperatively raise their maximum traffic levels Steffen Schott Tarzan: A P2P Anonimizing Network Layer
>> Architecture and Design Further Possibilities • Achieving both sender and recipient anonymity … I want to speak to Host 1 via PNAT1+2 Host 1 Host 2 PNAT 1 PNAT 2 Steffen Schott Tarzan: A P2P Anonimizing Network Layer
Overview • Motivation • Architecture and Design • … • … • Security Analysis • Prevented Attacks • Possible Attacks • Possible Improvements • Conclusion Steffen Schott Tarzan: A P2P Anonimizing Network Layer
PNAT >> Security Analysis Security Analysis • Who knows his own role? • Node h1 to hl-1 just know that relay, but not position • Predecessor MAYBE initiator? User Idea: Freedman/Morris Steffen Schott Tarzan: A P2P Anonimizing Network Layer
>> Security Analysis >> Prevented Attacks Prevented Attacks • Various attack given in open-admission, self-organized peer-to-peer models have been faced! • Attacks through corrupt gossiping • Only if all initially known peers are malicious will keep wrong IP-Table • Attacks given by open admission • Adversary might control many peers in some domains but not the Tarzan network, thanks to subnet-hierarchy hashes for IP-Tables • Public keys are gossiped and not distributed directly • Attacks per ignoring neighbor-selection algorithm • Mimics cannot be „generated“ due to hash algorithm • On tunnel setup, mimics of all relay are verified • Attacks by adaptive, compromising adversary • Tunnel duration and mimic stability probably to small for adversary • Situation far more difficult for adversary than in a central core network Steffen Schott Tarzan: A P2P Anonimizing Network Layer
>> Security Analysis >> Prevented Attacks Prevented Attacks • Further attacks … • Attacks of mimic nodes by sudden mutual omission of cover traffic • Should not be successful due to traffic invariants • Attacks by interpreting content • Should be impossible due to complex encryption and integrity mechanisms • Except at PNAT • Attacks through traffic analysis • Weak possibilities, and only for relays • Attacks, that take advantage from modifying packets (except omission) • Probably will be dropped caused by integrity checks Steffen Schott Tarzan: A P2P Anonimizing Network Layer
>> Security Analysis >> Possible Attacks Possible Attacks • Attack on tunnel reconstruction protocol • Simply not forward traffic for two corresponding flow identifiers by hi • The initiator will suspect hi+1 not to work and will be trying another mimic of hi • hi can repeat that until hi+1 is an adversary mimic as well, and so on for hi+1 • Attack can be avoided if reconstruction starts at node hi-1 • So far not part of the Tarzan design Steffen Schott Tarzan: A P2P Anonimizing Network Layer
>> Security Analysis >> Possible Attacks Intersection Attack - Passive Logging Attack • Most powerful, while extremely easy to fulfill • Few means of defending • Only single peer in the system is needed to obtain full IP-Table • Taking a collection of timely disjoint set of nodes - which contain the initiator • Just intersecting those sets will decrease list of possible IPs • Even extremely efficient for low bandwidth protocols like SMTP Steffen Schott Tarzan: A P2P Anonimizing Network Layer
>> Security Analysis >> Possible Attacks Other Possible Attacks • A capable adversary might see a request from PNAT to some webserver + sees the forwarding to hl • This is as hpnat an hl are no mimics - no cover traffic is exchanged • Few was said in Paper about batching of data packets et al. is applied to avoid linkability of hpnat to hl • Batching in 20msec intervals only, done by every relay • Traffic analysis by relay limited yet possible • Counting packets + measurement of response times • Estimation of distance from initiator • Example: Maximum of 3 hops – Just expected 5 x 6 + 1 possible initiators • Further traffic analysis • If a global eavesdropper has various malicious peers in tunnels, which one by one stop forwarding traffic for short time • Global eavesdropper can notice stop of traffic from webserver to PNAT Steffen Schott Tarzan: A P2P Anonimizing Network Layer
>> Security Analysis >> Possible Attacks Other Possible Attacks • Attacks by sending data via suspicious node (possible initiator) • Estimating outgoing data rate ≤ ⅓ total incoming rate (data + traffic) • Set up tunnel via suspicious node + send data • If node rejects tunnel setup or not the full amount of data passes, probable relay or initiator of real data • Attackers might exceed own upper bound of outgoing DATA (⅓ of total Incoming) Steffen Schott Tarzan: A P2P Anonimizing Network Layer
>> Security Analysis >> Possible Improvements Possible Improvements • Setup of various tunnels at a time to same or even different PNAT • Gaining connection reliability • Can make timing/traffic analysis harder (even for relay peers) • Slight variation of tunnel reconstruction protocol to avoid interference of adversary • Rebuild tunnel from hi-1 if hi+1 doesn’t respond • Further batching of packets at PNAT • To lessen possibility of traffic analysis • Using a proxy to lessen risk of intersection attack Steffen Schott Tarzan: A P2P Anonimizing Network Layer
Overview • Motivation • Architecture and Design • … • … • Security Analysis • Prevented Attacks • Possible Attacks • Possible Improvements • Conclusion Steffen Schott Tarzan: A P2P Anonimizing Network Layer
Conclusion • Fully P2P anonymizing network layer • Independent to applications • Protecting against various attacks of edge analysis • Efficiently constructed – up to real-time • But: Some known passive logging attacks Steffen Schott Tarzan: A P2P Anonimizing Network Layer
Any Questions? Steffen Schott Tarzan: A P2P Anonimizing Network Layer
Any Questions? • Introducing Tarzan … Source: Harold F. Schiffman haroldfs@ccat.sas.upenn.edu Steffen Schott Tarzan: A P2P Anonimizing Network Layer
Some Literatur • Michael J. Freedman and Robert Morris Tarzan: A Peer-to-Peer Anonymizing Network Layer, in Proceedings of the 9th ACM Conference on Computer and Communications Security, Washington, D.C., 2002 And slides: http://www.scs.stanford.edu/mfreed/docs/tarzan-ccs02-slides.pdf • M. Wright and M. Adler and B. Levine and C. Shields, Defending anonymous communication against passive logging attacks, in Proc. IEEE Symposium on Research in Security and Privacy, Berkeley, CA, May 2003 • Andrei Serjantov and Peter Sewell, Passive Attack Analysis for Connection-Based Anonymity Systems, University of Cambridge, 2003 • Alan Mislove Gaurav, AP3: Cooperative, decentralized anonymous communication, in Proceedings of the 11th workshop on ACM SIGOPS European workshop: beyond the PC, Leuven, Belgium, 2004 • JAP Anon Proxy, http://anon.inf.tu-dresden.de/ Steffen Schott Tarzan: A P2P Anonimizing Network Layer